Fake UK government email can show up in Outlook and should be deleted


An infected email supposedly from the UK government appeared in our Outlook Inbox. It’s a good example of what to be careful of in emails and how some Outlook settings protect you from harm.

Here’s the message that got through our mail hosts checks and Outlook’s.

Many things in this email are a ‘Red Flag’ to any careful computer user.

Attachment is a .doc file – the first thing we noticed was the .doc attachment.  That’s enough get the message deleted immediately.

Fake Domain– the hackers have put the gov.uk domain in the name and subject because that’s the real UK government domain. But the return email address is ‘govds.uk’.  The name ‘secure’ means nothing but is meant to trick the unwary.

Why?  – even if you’re a UK resident, why would the government be sending you ‘confidential’ documents without notice?

Pictures block – Outlook’s default is to block any linked images in emails.  That’s a wise move because even getting an image to display in a message can tell the hackers who opened the message, where they are and other info.

In this case the hackers ‘steal’ the images from the real UK government site (ie they link to images at https://www.tax.service.gov.uk ) to look more authentic.

The hackers aim, in this case, is to trick people into opening the ‘.doc’ file.  Other nasty emails want you to click on a link.

The last line of defense

Place not thy (whole) trust in email filters – this email got past the highly regarded and expensive email scanner used by our mail hosts and Outlook’s own checks (though the latter have been crippled).

The last line of defense is you.